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This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1. (Currently Amended) A computer-implemented method for controlling access to 
documents during a workflow, comprising: 

upon entry of a base document into a workflow, creating a workflow working copy of 
the base document; 

receiving a request to access the base document by a user; 

determining using the identitv of the user if the user should be provided access to the 
workflow working conv of the base docviment; 

Goloctivoly providing the user access to the base document if it is not determined that 
the user should be provided access to the workflow working conv o f the base document 
depending upon tho identity of a us e r ; 

Golootivoly providing the user access to the workflow working copy of the base 
document if it is determined that the user should be provid ed access to the workflow working 
copv of the base document depending upon tho identity of a us e r ; and 

if the user is provided access to the workflow working copy of the base document, 
selectively providing access to perform operations on the workflow working copy of the base 
docxmient depending upon the identity of the user. 

2. (Previously Amended) The method of claim 1, fiirther comprising: 

storing access control list data in relation to the base dociament, the access control list 
data defining access controls on performing operations of the workflow working copy of the 
base document; and 

storing security descriptor data in relation to the base document and the workflow 
working copy of the base document, the security descriptor data defining access controls on 
reading the base document and the workflow working copy of the base document. 

3. (Previously Amended) The method of claim 2, wherein selectively providing 
access to perform operations on the workflow working copy of the base docimient depending 
upon the identity of a user, comprises: 
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determining using the access control list data stored in relation to the base document 
that a user has permission to perform an operation on the workflow working copy of the base 
document; and 

allowing the user to perform the operation on the workflow working copy of the base 
document. 

4. (Previously Amended) The method of claim 2, wherein the step of selectively 
providing access to perform operations on the workflow working copy of the base document 
depending upon the identity of a user, comprises: 

determining using the access control list data stored in relation to the base document 
that a user does not have permission to perform an operation on the workflow working copy 
of the base docimient; and 

denying the user access to perform the operation on the workflow working copy of the 

base document. 

5. (Previously Amended) The method of claim 2, wherein the access control list data 
comprises information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation, and said act of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user, comprises: 

referencing the information identifying for each of a plurality of operations, 
the set of users that have permission to perform the operation; and 

if the user is in the set of users that have permission to perform the operation, 
providing access to the operation. 

6. (Previously Amended) The method of claim 2, wherein the access control Ust data 
comprises information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation, and said act of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user, comprises: 
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referencing the information identifying for each of a plurality of operations, 
the set of users that have permission to perform the operation; and 

if the user is not in the set of users that have permission to perform the 
operation, denying access to the operation. 

7. (Previously Presented) The method of claim 5, v^herein the set of users are defined 
in terms of the roles that have permission to perform the operation, and said act of 
referencing the information identifying for each of a plurality of operations, the set of users 
that have permission to perform the operation, comprises: 

resolving for the user the set of roles to which the user has been assigned; and 
determining using the set of roles to which the user has been assigned and the 

set of users defined in terms of the roles that have permission to perform the operation, 

whether the user has permission to perform the requested operation. 

8. (Currently Amended) The method of claim 2, wherein oolootivoly providing a uo e r 
acoooG to tho workflow^ worlcing copy of the baoo document depending upon tho idontit>^ of a 
mey determining using the identitv of the user if the user should be pr ovided access to the 
workflow working copv of the base document, comprises: 

determining using the security descriptor data stored in relation to the base document 
and the workflow working copy document, that if a the_user has permission to read the 
workflow working copy of the base document^^id 

providing tho uoor acc e GG to tho worlcflow worlcing copy of th e baoo docum e nt . 



9. (Cancelled) 

10. (Currently Amended) The method of claim 2, wherein the security descriptor data 
comprises information identifying the set of users that have permission to read each of the 
base document and the workflow working copy of the base document, and said act of 
s e l e ctiv e ly providing aocooo to tho workflow working copy of tho baoo document depending 
nn thn iHnntity nf thn iir.or determining using the identitv of the user if the user should be 
provided access to the workflow working conv of the base document, comprises: 
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referencing the information identifying the set of users that have permission to 
read oach of tho bao e dooumont and the workflow working copy of the base document; and 

determining if the user is in the set of users that have permission to read the 
workflow working copy of the base document. , providing acc e oo to tho workflow worlcing 
copy of tho baoQ docum e nt . 

11. (Currently Amended) The method of claim 10, wherein the set of users are 
defined in terms of the roles that have permission to read each of the base document and the 
workflow working copy of the base document, and said act of referencing the information 
identifying the set of users that have permission to read oach of the buoo docimiont and the 
workflow working copy of the base document, comprises: 

resolving for the user the set of roles to which the user has been assigned; and 
determining using the set of roles to which the user has been assigned and the 
set of roles that have permission to read oach of th e baoo docum e nt and the workflow 
working copy of the base document, whether the user has permission to read th e bas e 
dooimient or the workflow working copy of the base document. 

12. (Original) A computer-readable media having stored thereon computer- 
executable instructions for performing the steps recited in claim 1 . 

13. (Currently Amended) A system for providing document isolation in a workflow 
environment, comprising: 

a processor, wherein said processor is operable to execute instructions for performing 

the following acts: 

maintaining for a base document undergoing a publishing workflow, a 

workflow copy of the base document; 

maintaining access control data in relation to the base docimient and the 
workflow copy of the base document, 

upon receipt of a request to access the base docxmient, Goloctiv e ly determining 
based on the access control data to provid e if access should be provided t o the workflow copv 
of the b ase document; and 
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providing access to the workflow copy of the base document if it determined 
that access should be provided to the workflow copy of the base document: and 

upon rocoipt of a roquoot to acc e GO tho base docum e nt, ooloctivoly det e rmining bas e d 
on th e aoooGD control data to provid e aocooD to tho workflow copy of the baoo dociun e nt. 

providing access to the base document if it is determined that access should 
not be provided to the workflow copy of the base document. 

14. (Previously Amended) The system of claim 13, wherein the access control data 
comprises security descriptor data identifying the set of users that have permission to read the 
base document and the workflow copy of the base document, the set of users comprising 
reviewers and approvers 

15. (Currently Amended) The system of claim 14, wherein said processor is operable 
to execute instructions for performing the following acts: 

referencing the security descriptor data; and 

determining that a user should be provided access dir e ct e d to the workflow 
copy of the base document based on the security descriptor data. 

16. (Previously Amended) The system of claim 15, wherein the security descriptor 
data identifies a set of roles corresponding to the set of users that have permission to read the 
base document and the workflow copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that a 
user has been assigned. 

17. (Previously Amended) The system of claim 13, wherein the access control data 
comprises access control list data identifying the set of users that have permission to perform 
operations on the workflow copy of the base document. 

18. (Previously Amended) The system of claim 17, wherein said processor is operable 

to execute instructions for performing the following acts: 

referencing the access control list data; and 
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determining that a user should be allowed to perform an operation on the 
workflow copy of the base document based on the access control list data. 

19. (Previously Amended) The system of claim 18, wherein the access control hst 
data identifies a set of roles corresponding to the set of users that have permission to perform 
operations on the workflow copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that a 
user has been assigned. 

20. (Cancelled) A method for controlling access to operations that may be performed 
on a docxmient, comprising: 

upon creation of a workflow, creating a workflow copy of a base document; 



workflow copy of the base document; 

assigning a unique identifier to the new operation; 

updating an access control list to include an entry for the imique identifier for 
the new operation; and 

updating the access control list to include an entry identifying the roles that 
have access to the new operation. 

21. (Cancelled) The method of claim 20, fiirther comprising updating the access 
control list to change roles that have access to the new operation in response to a change fi-om 
a first state to a second state by the workflow copy of the document in the workflow. 

22. (Cancelled) The method of claim 20, wherein the workflow is a publishing 
workflow and the new operation is at least one of the following: review and approve. 

23. (Cancelled) The method of claim 20, fiirther comprising: 

receiving a request to perform the new operation on the workflow copy of the base 
document; 

determining using the access control list whether to allow access to the new operation. 
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24. (Cancelled) The method of claim 23, wherein deteraiining using the access control 
list whether to allow access to the new operation comprises comparing a user's roles with the 
roles identified in the access control hst as having access to the new operation. 

25. (Withdrawn) A computer-implemented method of controlling access to 
documents, comprising: 

maintaining a first hst defining who may access a base document; 

maintaining a second Ust defining who may perform operations on the base document; 

upon receipt of a request from a user to create a workflow, accessing the first list and 
the second hst to determine whether the user may create a workflow relating to the base 
document; 

if the first list and the second list indicate the user may create a workflow relating to 
the base document, creating a copy of the base document; and 

while the copy of the base document is in the workflow, in response to requests to 
access the base docxmient, accessing at least the first list to determine whether to provide 
access to the copy of the base document. 

26. (Withdrawn) The method of claim 25, wherein maintaining a first list defining 
who may access a base document comprises maintaining a list of security descriptors. 

27. (Withdrawn) The method of claim 25, wherein maintaining a second list defining 
who may perform operations on the base document comprises maintaining an access control 
hst. 

28. (Withdrawn) The method of claim 25, fiirther comprising updating the second list 
upon creation of the copy of the base document to identify who may perform operations on 
the copy of the base document. 
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29. (Withdrawn) The method of claim 25, wherein maintaining a first list defining 
who may access a base document comprises maintaining a first list defining roles that may 
access a base document. 

30. (Withdrawn) The method of claim 25, fiirther comprising maintaining a third list 
defining who may access the copy of the base document. 

31. (Previously Presented) The method of claim 1, further comprising replacing the 
base docimient with the working workflow document upon exit of the base document firom 
the workflow. 

32. (Previously Presented) The system of claim 13, fiirther comprising upon exit of 
the base document fi-om the workflow replacing the base document with the workflow copy 
of the base document. 
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